Cisco Nexus 1000V Release Notes

This document describes the features, limitations, and caveats for the Cisco Nexus 1000V, Release 5.2(1)SV3(1.10) software.

Cisco Nexus 1000V for VMware

The Cisco Nexus 1000V for VMware provides a distributed, Layer 2 virtual switch that extends across multiple virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.

Virtual Ethernet Module (VEM), which acts as a line card and runs in each virtualized server to handle packet forwarding and other localized functions.

Software Compatibility with VMware

The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of the Cisco Nexus 1000V supports vSphere 6.0, 5.5, 5.1, and 5.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V and VMware Compatibility Information.

Cisco Nexus 1000V Configuration Scale Limits

The following table lists the configuration scale limit information for the Cisco Nexus 1000V Advanced edition.

Note

The scale limits for the Cisco Nexus 1000V Essential edition are half of what is stated in the following table.

| Feature | VEM | DVS | Other |
| --- | --- | --- | --- |
| Hosts/DVS | — | 250 (includes gateways) | — |
| Total vEth ports | 1000 | 10,240 | — |
| Ports per port profile | 1024 | 2048 | — |
| Port profiles | 6144 | 6144 | — |
| Physical NICs | 32 | 2000 | — |
| Physical trunks | 32 | 2000 | — |
| vEthernet trunks | 32 | 1024 | — |
| Port channels | 8 | 1024 | — |
| Active VLANs | 4094 | 4094 | — |
| VXLANs (bridge domains) | 6144 | 6144 | — |
| VXLAN gateway pairs | 1 | 8 | — |
| VXLAN mappings | 512 per gateway | 4094 | — |
| VXLAN trunks | 32 | 1024 | — |
| VXLAN mappings per trunk | 512 | — | — |
| VXLAN VNI | 1044 | 6144 | — |
| VTEPs | 4 | 1024 | 512 per bridge domain |
| BGP peers | 8 VSM | — | — |
| Route reflectors | — | — | 2 per VXLAN control plane |
| MAC addresses | 32,000 | — | — |
| MAC address per VLAN | 4094 | 4094 | — |
| DHCP IP bindings | 1024 | 10,240 | — |
| ACLs | 128 | 128 | — |
| ACEs per ACL | — | 128 | — |
| ACL instances | 6000 | 42,000 | 6 instances per port |
| NetFlow policies | 32,000 flows | 64 monitor sessions, 64 records, 64 exporters | — |
| QoS policy maps | — | 128 | — |
| QoS class | — | 1024 | — |
| QoS class maps/policy maps | — | — | 64 |
| QoS instances (ingress and egress) | — | 9000 | — |
| Multicast groups | 1024 | 1024 | — |
| PVLANs | 512 | 512 | — |
| Port security MACs | 2048 | 24,000 | 5 MACs per port |
| SPAN/ERSPAN sessions | 64 | 64 | — |
| Source interfaces per session | — | 128 vEths or 32 physical Eths or port channels | — |
| Source VLANs per session | — | 32 | — |
| Destination interfaces per session | — | 32 | — |
| SPAN sessions per source interface | — | 4 | — |
| Source profiles per session | — | 16 | — |
| Destination profiles per session | — | 8 | — |
| Cisco TrustSec | — | 6000 IP-SGT mappings, 128 SGACLs, 128 ACEs per SGACL, 8 SXP peers | — |
| Number of VSMs per VC | — | — | 64 |
| Domain ID range | — | — | 1-1023 |

Cisco VSG Configuration Scale Limits

In this release, when Cisco Virtual Security Gateway (VSG) solutions using version 5.2(1)VSG2(1.4) are deployed, the following scale limitations apply and supersede the scale numbers shown in Cisco Nexus 1000V Configuration Scale Limits.

Configuration Container Names Must Be Unique

In releases earlier than 5.2(1)SV3(1.1), you could create two configuration containers (for example, two port profiles) with the same name but different case sensitivity; for example, vmotion and VMOTION.

In later releases, you cannot create two configuration containers (for example, two port profiles) with the same name but different case sensitivity. During an upgrade, one of the port profiles with a duplicate name is deleted, which moves the corresponding ports in vCenter into quarantined state.

For example, do not create bridge domains with the same name (one uppercase, one lowercase) that point to different segments. See the following examples:

VDP

Implementing VDP on the Cisco Nexus 1000V has the following limitations and restrictions:

The Cisco Nexus 1000V supports the Cisco DFA-capable VDP based on the IEEE Standard 802.1 Qbg, Draft 2.2, and does not support the Link Layer Discovery Protocol (LLDP). Therefore, the EVB type, length, and value are not originated or processed by the Cisco Nexus 1000V.

The VDP implementation in the current release supports a matching LLDP-less implementation on the bridge side, which is delivered as part of the Cisco DFA solution. For more information on the Cisco DFA, see the Cisco DFA Solutions Guide.

Timer-related parameters are individually configurable in the station and in the leaf.

Connectivity to multiple unclustered bridges is not supported in this release.

IPv6 addresses in filter format are not supported in this release.

VDP is supported for only segmentation-based port profiles. VDP for VLAN-based port profiles is not supported in this release.

The dynamic VLANs allocated by VDP are local to the VEM; they should not be configured on the Cisco Nexus 1000V VSM.

VDP is supported on VMware ESX releases 5.0, 5.1, 5.5, and 6.0 in this release.

DFA

Fabric forwarding mode is not supported under the VLAN configuration.

ERSPAN

If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Cisco Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.

If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.

VMotion of VSM

VMotion of VSM has the following limitations and restrictions:

VMotion of VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.

If you enable Distributed Resource Scheduler (DRS), you must use the VMware anti-affinity rules to ensure that the two VMs are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.

VMware VMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the VMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.

If you are adding one host in a DRS cluster that is using a vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have a VEM, and the VMs lose network connectivity.

Note

For more information about VMotion of VSM, see the Cisco Nexus 1000V Installation and Upgrade Guide.

Access Lists

ACLs have the following limitations and restrictions:

VLAN-based ACLs (VACLs) are not supported.

ACLs are not supported on port channels.

The access-class command is not supported on the vty interface. Use a management interface ACL for any access-list requirements.

NetFlow

The NetFlow configuration has the following limitations and restrictions:

NetFlow Sampler is not supported.

NetFlow Exporter format V9 is supported.

NetFlow Exporter format V5 is not supported.

NetFlow is not supported on port channels.

The NetFlow cache table does not support immediate or permanent cache types.

Port Security

Port security has the following limitations and restrictions:

Port security is enabled globally by default.

The feature/no feature port-security command is not supported.

In response to a security violation, you can shut down the port.

Port Profiles

Port profiles have the following limitations and restrictions:

There is a limit of 255 characters in a port-profile command attribute.

We recommend that if you are altering or removing a port channel, you should migrate the interfaces that inherit the port channel port profile to a port profile with the desired configuration, rather than editing the original port channel port profile directly.

When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.

Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.

The port profile name can be up to 80 alphanumeric characters, is not case-sensitive, and must be unique for each port profile on the Cisco Nexus 1000V. The port profile name cannot contain any spaces. The port profile name can include all the ASCII special characters except the forward slash (/), backslash (\), percent (%), and question mark (?).

Note

If there are any existing port profiles (created in earlier Cisco Nexus 1000V releases) with names that contain a forward slash (/), backslash (\), percent (%), or question mark (?), you can continue to use them in this release.
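
A pre-upgrade name audit for the two naming rules in these notes (the case-insensitive uniqueness described under Configuration Container Names Must Be Unique, and the port profile name rules above). This is an added example, not Cisco tooling; the sample configuration is constructed, and it assumes containers appear in the saved running configuration as unindented "port-profile type ..." and "bridge-domain ..." lines.

```python
import re
from collections import defaultdict

# Constructed sample of running-config lines (not taken from the release notes).
SAMPLE_CONFIG = """\
port-profile type vethernet vmotion
  switchport mode access
port-profile type vethernet VMOTION
  switchport mode access
port-profile type ethernet uplink/trunk
bridge-domain tenant-red
  segment id 5000
bridge-domain Tenant-Red
  segment id 5001
"""

# Assumption: containers are defined on unindented lines of this shape.
PATTERNS = {
    "port-profile": re.compile(r"^port-profile type (?:ethernet|vethernet) (.+)$"),
    "bridge-domain": re.compile(r"^bridge-domain (.+)$"),
}

def containers(config):
    """Yield (kind, name) for every container definition in the config text."""
    for line in config.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.match(line.rstrip())
            if match:
                yield kind, match.group(1)

def case_collisions(config):
    """Group names of the same kind that differ only by letter case."""
    seen = defaultdict(set)
    for kind, name in containers(config):
        seen[(kind, name.lower())].add(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}

def name_problems(name):
    """Check one port-profile name against the rules in the release notes."""
    problems = []
    if len(name) > 80:
        problems.append("longer than 80 characters")
    bad = sorted(set(name) & set(" /\\%?"))
    if bad:
        problems.append("contains forbidden characters: " + repr("".join(bad)))
    return problems

if __name__ == "__main__":
    print("case collisions:", case_collisions(SAMPLE_CONFIG))
    print("name problems:", {n: name_problems(n) for k, n in containers(SAMPLE_CONFIG)
                             if k == "port-profile" and name_problems(n)})
```

Each collision group should be renamed down to one name before the upgrade so that no port profile is deleted and no ports are quarantined. Names flagged only for forbidden characters are informational when the profile already exists, since the Note above allows them to remain in use.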

SSH Support

Only SSH version 2 (SSHv2) is supported.

LACP

Only LACP offload to VEM is supported. Upgrades from earlier releases
to this release change LACP to offload mode by default.

Cisco NX-OS Commands Might Differ from Cisco IOS

Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.

No Spanning Tree Protocol

The Cisco Nexus 1000V for VMware forwarding logic is designed to prevent network loops; therefore, it does not use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.

Cisco Discovery Protocol

The Cisco Discovery Protocol (CDP) is enabled globally by default.

CDP runs on all Cisco-manufactured equipment over the data link layer
and does the following:

Advertises information to all attached Cisco devices.

Discovers and views information about those Cisco devices.

CDP can discover up to 256 neighbors per port if the port is
connected to a hub with 256 connections.

Note

If you disable CDP globally, CDP is also disabled for all interfaces.

For more information about CDP, see the
Cisco Nexus 1000V System Management Configuration Guide.

DHCP Not Supported for the Management IP

DHCP is not supported for the management IP. The management IP must be
configured statically.

Upstream Switch Ports

We recommend that you configure spanning-tree port type edge on upstream switches for faster convergence.

The following commands are available to use on Cisco upstream switch
ports in interface configuration mode:

spanning-tree portfast

spanning-tree portfast trunk

spanning-tree portfast edge trunk

Interfaces

When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.

Layer 3 VSG

When a VEM communicates with the Cisco VSG in Layer 3 mode, an additional header with 94 bytes is added to the original packet. You must set the MTU to a minimum of 1594 bytes to accommodate this extra header for any network interface through which the traffic passes between the Cisco Nexus 1000V and the Cisco VSG. These interfaces can include the uplink port profile, the proxy ARP router, or a virtual switch.

Copy Running-Config Startup-Config Command

When you are using the copy running-config startup-config command, do not press the PrtScn key. If you do, the command aborts.

SNMP User Accounts Must Be Reconfigured After an Upgrade

If you are upgrading from a release earlier than 5.2(1)SV3(1.1), the SNMP engine ID changes internally to a unique engine ID. You must reconfigure all the SNMP user accounts to work with the new engine ID. Until the SNMP user accounts are reconfigured, all SNMPv3 queries fail. This restriction is associated with the defect CSCuo12696.

After an upgrade, use the show snmp user command to view the engine ID:

Complete the following steps to reconfigure SNMP user accounts. Reconfiguring an SNMP user account involves deleting and re-creating the SNMP username and password. Note that paswd123 is an example that represents the SNMP user password.

Accessibility Features in Cisco Nexus 1000V

All product documents are accessible except for images, graphics, and some charts. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.

MIB Support

The Cisco Management Information Base (MIB) list includes Cisco
proprietary MIBs and many other Internet Engineering Task Force (IETF)-standard
MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find
specific MIB information, you must examine the Cisco proprietary MIB structure
and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series
switch.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.